-
SOAR Playbooks27 Topics
-
SOAR Platform
-
Configuration Refresh
-
Vulnerability Management
-
Issue Management
-
SOC Program Management
-
Incident Response
-
Air-Gapped Implementation
-
Non-Functional Requirements (NFR)
-
Business Case for SOAR
-
Functional Requirements
-
Technical Building Blocks
-
Operational Building Blocks
-
Platform Maintenance
-
Threat Hunting
-
SOAR Vendors
Detect/Analyze
Quantify the DoS attack and traffic
Review OS and application logs
Research current attack intelligence and recent vulnerabilities
Update internal management team as appropriate (assessment)
Respond
Contact your ISP
Notify legal counsel of any illegal or inappropriate activity
Contact owners of systems being used to mount the DoS attack
Notify constituents (status update)
Notify external parties as appropriate
Notify law enforcement
Throttle or block DoS traffic
Terminate unwanted DoS connections or processes
Switch to alternate sites or networks
Configure egress filters
Harden and/or patch all other vulnerable systems
Remove temporary containment measures
Notify computer security organizations and resources
Notify HR
Notify public relations department
Review and respond to contractual obligations related to intrusion or loss of service
Post-Incident
Notify internal management chain (resolution)
Notify constituents (resolution)
Properly dispose of incident information
Post-incident review
Generate incident report
Update policies and procedures
PHASE Detect/Analyze
Quantify the DoS attack and traffic
Review OS and application logs
Research current attack intelligence and recent vulnerabilities
Update internal management team as appropriate (assessment)
Complete
Initial